Additional authentication checks

SumOfUs · Sep 7, 2016 · 842bafc · 842bafc
1 parent f71ddb2
commit 842bafc
Show file tree

Hide file tree

Showing 20 changed files with 133 additions and 98 deletions.
diff --git a/app/controllers/liquid_layouts_controller.rb b/app/controllers/liquid_layouts_controller.rb
@@ -1,25 +1,19 @@
 # frozen_string_literal: true
 class LiquidLayoutsController < ApplicationController
-  before_action :authenticate_user!, except: [:show, :create]
+  before_action :authenticate_user!
   before_action :set_liquid_layout, only: [:show, :edit, :update, :destroy]
 
-  # GET /liquid_layouts
-  # GET /liquid_layouts.json
   def index
     @liquid_layouts = LiquidLayout.all
   end
 
-  # GET /liquid_layouts/new
   def new
     @liquid_layout = LiquidLayout.new
   end
 
-  # GET /liquid_layouts/1/edit
   def edit
   end
 
-  # POST /liquid_layouts
-  # POST /liquid_layouts.json
   def create
     @liquid_layout = LiquidLayout.new(liquid_layout_params)
 
@@ -34,8 +28,6 @@ def create
     end
   end
 
-  # PATCH/PUT /liquid_layouts/1
-  # PATCH/PUT /liquid_layouts/1.json
   def update
     respond_to do |format|
       if @liquid_layout.update(liquid_layout_params)
@@ -48,8 +40,6 @@ def update
     end
   end
 
-  # DELETE /liquid_layouts/1
-  # DELETE /liquid_layouts/1.json
   def destroy
     @liquid_layout.destroy
     respond_to do |format|
@@ -60,12 +50,10 @@ def destroy
 
   private
 
-  # Use callbacks to share common setup or constraints between actions.
   def set_liquid_layout
     @liquid_layout = LiquidLayout.find(params[:id])
   end
 
-  # Never trust parameters from the scary internet, only allow the white list through.
   def liquid_layout_params
     params
       .require(:liquid_layout)

diff --git a/app/controllers/liquid_partials_controller.rb b/app/controllers/liquid_partials_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 class LiquidPartialsController < ApplicationController
-  before_action :authenticate_user!, except: [:show, :create]
+  before_action :authenticate_user!
   before_action :set_liquid_partial, only: [:show, :edit, :update, :destroy]
 
   def index

diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
@@ -3,7 +3,7 @@
 require 'browser'
 
 class PagesController < ApplicationController
-  before_action :authenticate_user!, except: [:show, :create, :follow_up]
+  before_action :authenticate_user!, except: [:show, :follow_up]
   before_action :get_page, only: [:edit, :update, :destroy, :follow_up, :analytics]
   before_action :get_page_or_homepage, only: [:show]
 

diff --git a/app/controllers/plugins/base_controller.rb b/app/controllers/plugins/base_controller.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 class Plugins::BaseController < ApplicationController
+  before_action :authenticate_user!
+
   def update
     plugin = plugin_class.find(params[:id])
 

diff --git a/app/controllers/share/shares_controller.rb b/app/controllers/share/shares_controller.rb
@@ -4,6 +4,7 @@
 class Share::SharesController < ApplicationController
   before_filter :set_resource
   before_filter :find_page
+  before_filter :authenticate_user!
 
   def new
     @share = share_class.new(new_defaults)

diff --git a/spec/controllers/action_kit_controller_spec.rb b/spec/controllers/action_kit_controller_spec.rb
@@ -2,20 +2,15 @@
 require 'rails_helper'
 
 describe ActionKitController do
-  let(:user) { double }
-
   before do
-    allow(request.env['warden']).to receive(:authenticate!) { user }
     allow(ActionKit::Helper).to receive(:check_petition_name_is_available)
   end
 
-  describe 'POST#check_slug' do
-    it 'authenticates session' do
-      expect(request.env['warden']).to receive(:authenticate!)
+  include_examples 'session authentication',
+    { post:   [:check_slug, slug: 'foo-bar', format: :json] }
 
-      post :check_slug, slug: 'foo-bar', format: :json
-    end
 
+  describe 'POST#check_slug' do
     it 'checks if name is available' do
       expect(ActionKit::Helper)
         .to receive(:check_petition_name_is_available)

diff --git a/spec/controllers/campaigns_controller_spec.rb b/spec/controllers/campaigns_controller_spec.rb
@@ -2,14 +2,19 @@
 require 'rails_helper'
 
 describe CampaignsController do
-  let(:user) { instance_double('User', id: '1') }
   let(:campaign) { instance_double('Campaign') }
 
   before do
-    allow(request.env['warden']).to receive(:authenticate!) { user }
-    allow(controller).to receive(:current_user) { user }
+    allow(Campaign).to receive(:find) { campaign }
   end
 
+  include_examples 'session authentication',
+    { get:  [:index],
+      get:  [:new],
+      get:  [:edit, id: 1],
+      get:  [:show, id: 1]
+    }
+
   describe 'GET index' do
     it 'renders index' do
       get :index
@@ -38,7 +43,6 @@
 
   describe 'GET edit' do
     before do
-      allow(Campaign).to receive(:find) { campaign }
       get :edit, id: 1
     end
 
@@ -56,10 +60,6 @@
   end
 
   describe 'GET show' do
-    before do
-      allow(Campaign).to receive(:find) { campaign }
-    end
-
     it 'finds campaign' do
       expect(Campaign).to receive(:find).with('1')
       get :show, id: 1
@@ -80,6 +80,11 @@
       post :create, campaign: fake_params
     end
 
+    it 'authenticates session' do
+      expect(request.env['warden']).to receive(:authenticate!)
+      post :create, campaign: fake_params
+    end
+
     it 'calls CampaignCreator.run' do
       expect(CampaignCreator).to have_received(:run).with(fake_params)
     end

diff --git a/spec/controllers/donation_bands_controller_spec.rb b/spec/controllers/donation_bands_controller_spec.rb
@@ -2,14 +2,18 @@
 require 'rails_helper'
 
 describe DonationBandsController do
-  let(:user) { instance_double('User', id: 1) }
   let(:donation_band) { instance_double('DonationBand', name: 'Test') }
 
   before do
-    allow(request.env['warden']).to receive(:authenticate!) { user }
-    allow(controller).to receive(:current_user) { user }
+    allow(DonationBand).to receive(:find) { donation_band }
   end
 
+  include_examples 'session authentication',
+    { get:  [:index],
+      get:  [:new],
+      get:  [:edit, id: 1]
+    }
+
   describe 'GET index' do
     it 'authenticates session' do
       expect(request.env['warden']).to receive(:authenticate!)
@@ -47,7 +51,6 @@
 
   describe 'GET edit' do
     before do
-      allow(DonationBand).to receive(:find) { donation_band }
       get :edit, id: 1
     end
 

diff --git a/spec/controllers/featured_pages_controller_spec.rb b/spec/controllers/featured_pages_controller_spec.rb
@@ -2,11 +2,15 @@
 require 'rails_helper'
 
 describe FeaturedPagesController do
-  let(:user) { double('User') }
   let(:page) { double('Page') }
 
+  include_examples 'session authentication',
+    {
+      post:   [:create, format: :js],
+      delete: [:destroy, id: '1', format: :js]
+    }
+
   before do
-    allow(request.env['warden']).to receive(:authenticate!) { user }
     allow(Page).to receive(:find) { page }
     allow(page).to receive(:update)
   end
@@ -16,10 +20,6 @@
       post :create, id: '1', format: :js
     end
 
-    it 'authenticates session' do
-      expect(request.env['warden']).to have_received(:authenticate!)
-    end
-
     it 'finds page' do
       expect(Page).to have_received(:find).with('1')
     end
@@ -38,10 +38,6 @@
       delete :destroy, id: '1', format: :js
     end
 
-    it 'authenticates session' do
-      expect(request.env['warden']).to have_received(:authenticate!)
-    end
-
     it 'finds page' do
       expect(Page).to have_received(:find).with('1')
     end

diff --git a/spec/controllers/form_elements_controller_spec.rb b/spec/controllers/form_elements_controller_spec.rb
@@ -4,11 +4,8 @@
 describe FormElementsController do
   let(:element) { instance_double('FormElement', valid?: true) }
   let(:form) { instance_double('Form') }
-  let(:user) { double }
 
-  before do
-    allow(request.env['warden']).to receive(:authenticate!) { user }
-  end
+  include_examples 'session authentication', {}
 
   describe 'POST #create' do
     let(:params) { { label: 'Label', data_type: 'text', required: true } }

diff --git a/spec/controllers/images_controller_spec.rb b/spec/controllers/images_controller_spec.rb
@@ -4,13 +4,13 @@
 describe ImagesController do
   let(:page)  { instance_double('Page', valid?: true) }
   let(:image) { double('image', content: 'foo', errors: []) }
-  let(:user)  { double }
 
   before do
     allow(Page).to receive(:find) { page }
-    allow(request.env['warden']).to receive(:authenticate!) { user }
   end
 
+  include_examples 'session authentication', {}
+
   describe 'POST #create' do
     before do
       allow(page).to receive_message_chain(:images, :create).and_return(image)

diff --git a/spec/controllers/links_controller_spec.rb b/spec/controllers/links_controller_spec.rb
@@ -3,11 +3,8 @@
 
 describe LinksController do
   let(:link) { instance_double('Link', save: true) }
-  let(:user) { instance_double('User', id: '1') }
 
-  before :each do
-    allow(request.env['warden']).to receive(:authenticate!) { user }
-  end
+  include_examples 'session authentication', {}
 
   describe 'POST #create' do
     let(:page) { instance_double('Page') }
@@ -20,6 +17,10 @@
       post :create, page_id: '1', link: params
     end
 
+    it 'authenticates session' do
+      expect(request.env['warden']).to have_received(:authenticate!)
+    end
+
     it 'does not bother to find page' do
       expect(Page).not_to have_received(:find)
     end

diff --git a/spec/controllers/liquid_layouts_controller_spec.rb b/spec/controllers/liquid_layouts_controller_spec.rb
@@ -19,8 +19,14 @@
 # Message expectations are only used when there is no simpler way to specify
 # that an instance is receiving a specific message.
 
+# TODO: Refactor me!
+#
 describe LiquidLayoutsController do
-  login_user
+  include_examples 'session authentication',
+    {
+      get:  [:index],
+      get:  [:new]
+    }
 
   # This should return the minimal set of attributes required to create a valid
   # LiquidLayout. As you add validations to LiquidLayout, be sure to

diff --git a/spec/controllers/pages_controller_spec.rb b/spec/controllers/pages_controller_spec.rb
@@ -8,6 +8,8 @@
   let(:page) { instance_double('Page', published?: true, featured?: true, id: '1', liquid_layout: '3', follow_up_liquid_layout: '4', language: default_language) }
   let(:renderer) { instance_double('LiquidRenderer', render: 'my rendered html', personalization_data: { some: 'data' }) }
 
+  include_examples 'session authentication', {}
+
   before do
     allow(request.env['warden']).to receive(:authenticate!) { user }
     allow(controller).to receive(:current_user) { user }
@@ -36,6 +38,10 @@
       post :create, page: { title: 'Foo Bar' }
     end
 
+    it 'authenticates session' do
+      expect(request.env['warden']).to have_received(:authenticate!)
+    end
+
     it 'creates page' do
       expected_params = { title: 'Foo Bar' }
 
@@ -70,6 +76,11 @@
 
     subject { put :update, id: '1', page: { title: 'bar' } }
 
+    it 'authenticates session' do
+      subject
+      expect(request.env['warden']).to have_received(:authenticate!)
+    end
+
     it 'finds page' do
       expect(Page).to receive(:find).with('1')
       subject

diff --git a/spec/controllers/share/shared_examples.rb b/spec/controllers/share/shared_examples.rb
@@ -4,6 +4,8 @@
   let(:failed_share) { instance_double(share_class, valid?: true, errors: { base: ['email_body needs {LINK}'] }) }
   let(:page) { instance_double('Page', title: 'Foo', content: 'Bar', id: '1', to_param: '1') }
 
+  include_examples 'session authentication', {}
+
   before do
     allow(Page).to receive(:find).with('1') { page }
   end

diff --git a/spec/controllers/shared_examples.rb b/spec/controllers/shared_examples.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+shared_examples 'session authentication' do |actions|
+  let(:session_user) { double }
+
+  before do
+    allow(request.env['warden']).to receive(:authenticate!) { session_user }
+  end
+
+  actions.each do |verb, arguments|
+    it "authenticates session for #{arguments.first}" do
+      expect(request.env['warden']).to receive(:authenticate!)
+      send(verb, *arguments)
+    end
+  end
+end
+